Bug#690075: unblock: dnsmasq/2.63-4
On Wed, 12 Dec 2012 12:11:12 +0100
intrigeri wrote:

> A new upstream release was uploaded to unstable since then, so this
> unblock request can't be satisfied as is. Please either update or
> close it.

Actually, unstable got 2.64-1 _and_ 2.65-1 by now.

Simon: Are these uploads necessary to fix the security issue this
unblock request talks about (CVE-2012-3411)? If so, can you please
close this unblock request and open a new one? If not, it would be
better to upload new versions to experimental during the freeze. Your
best option (AFAICT) is to prepare an upload to t-p-u now.

Thanks.

--
Best regards,
Michael

--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130206000721.24fd9...@midna.rag.lan

Bug#690075: unblock: dnsmasq/2.63-4
Hi,

intrigeri wrote (14 Nov 2012 23:58:44 GMT) :
> Simon Kelley wrote (12 Nov 2012 21:05:35 GMT) :
>> I'd strongly suggest moving to 2.63-4, rather than backporting.
>> The changes for the security fix are not trivial, and probability of
>> introducing a bug backporting is much larger than the probability
>> that there's an un-found bug in 2.63 which is not in 2.62. There are
>> no intended backwards incompatibilities between 2.63 and 2.62, and
>> no un-intended ones have been found in the three months since 2.63
>> was released.

> Then, this matter goes way out of the scope of my humble "help the
> release team with a few easy reviews" effort.

A new upstream release was uploaded to unstable since then, so this
unblock request can't be satisfied as is. Please either update or
close it.

Cheers,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

Archive: http://lists.debian.org/85pq2f7cfj@boum.org

Bug#690075: unblock: dnsmasq/2.63-4
Hi,

Simon Kelley wrote (12 Nov 2012 21:05:35 GMT) :
> I'd strongly suggest moving to 2.63-4, rather than backporting.
> The changes for the security fix are not trivial, and probability of
> introducing a bug backporting is much larger than the probability
> that there's an un-found bug in 2.63 which is not in 2.62. There are
> no intended backwards incompatibilities between 2.63 and 2.62, and
> no un-intended ones have been found in the three months since 2.63
> was released.

Then, this matter goes way out of the scope of my humble "help the
release team with a few easy reviews" effort.

Cheers,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

Archive: http://lists.debian.org/85y5i3u47f@boum.org

Bug#690075: unblock: dnsmasq/2.63-4
On 10/11/12 15:10, intrigeri wrote:
> tags 690075 + moreinfo
> thanks
>
> Hi Moritz,
>
> Moritz Muehlenhoff wrote (09 Oct 2012 17:51:26 GMT) :
>> Please unblock package dnsmasq
>> It fixes CVE-2012-3411
>> unblock dnsmasq/2.63-4
>
> The new upstream version includes quite a few changes that are
> unrelated to the security fix, which probably partly explains why
> nobody reviewed the proposed changes yet.
>
> However, determining which exact set of patches should be backported
> from upstream to fix this issue is not trivial, and I guess that's why
> Moritz asks for the whole thing to be unblocked: 54dd393 (Add
> --bind-dynamic) is obvious, but a few follow-up commits come to fix
> the problems brought by the initial implementation; at least these two
> ones seem needed:
>
>   * 2b5bae9 -- Fall back from --bind-dynamic to --bind-interfaces in
>     BSD, rather than quitting
>   * 5f11b3e -- Cope with --listen-address for not yet existent addr in
>     bind-dynamic mode
>
> ... and I would not bet that's enough.
>
> Simon, are you interested in listing the commits that are needed, on
> top of 2.62-3, to fix CVE-2012-3411 without breaking anything?

I'd strongly suggest moving to 2.63-4, rather than backporting. The
changes for the security fix are not trivial, and probability of
introducing a bug backporting is much larger than the probability that
there's an un-found bug in 2.63 which is not in 2.62. There are no
intended backwards incompatibilities between 2.63 and 2.62, and no
un-intended ones have been found in the three months since 2.63 was
released.

Cheers,

Simon.

Archive: http://lists.debian.org/50a1649f.2060...@thekelleys.org.uk

Processed: Re: Bug#690075: unblock: dnsmasq/2.63-4
Processing commands for cont...@bugs.debian.org:

> tags 690075 + moreinfo
Bug #690075 [release.debian.org] unblock: dnsmasq/2.63-4
Added tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
690075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690075
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Archive: http://lists.debian.org/handler.s.c.13525602743600.transcr...@bugs.debian.org

Bug#690075: unblock: dnsmasq/2.63-4
tags 690075 + moreinfo
thanks

Hi Moritz,

Moritz Muehlenhoff wrote (09 Oct 2012 17:51:26 GMT) :
> Please unblock package dnsmasq
> It fixes CVE-2012-3411
> unblock dnsmasq/2.63-4

The new upstream version includes quite a few changes that are
unrelated to the security fix, which probably partly explains why
nobody reviewed the proposed changes yet.

However, determining which exact set of patches should be backported
from upstream to fix this issue is not trivial, and I guess that's why
Moritz asks for the whole thing to be unblocked: 54dd393 (Add
--bind-dynamic) is obvious, but a few follow-up commits come to fix
the problems brought by the initial implementation; at least these two
ones seem needed:

  * 2b5bae9 -- Fall back from --bind-dynamic to --bind-interfaces in
    BSD, rather than quitting
  * 5f11b3e -- Cope with --listen-address for not yet existent addr in
    bind-dynamic mode

... and I would not bet that's enough.

Simon, are you interested in listing the commits that are needed, on
top of 2.62-3, to fix CVE-2012-3411 without breaking anything?

Cheers,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

Archive: http://lists.debian.org/85390h334f@boum.org

Bug#690075: unblock: dnsmasq/2.63-4
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package dnsmasq

It fixes CVE-2012-3411

unblock dnsmasq/2.63-4

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Archive: http://lists.debian.org/20121009175126.5477.63182.reportbug@pisco.westfalen.local